Information Disclosure
Monthly
Implicit intent hijacking vulnerability in Samsung Email prior to version 6.1.90.16 allows a local attacker (any app on the same device that registers for the broadcast intent) to obtain sensitive information. Rated low severity (CVSS 3.3): local attack vector, no authentication required, low attack complexity. The listing records no vendor patch, although the affected-version statement implies the fix shipped in 6.1.90.16.
Improper access control in Samsung's Notification service prior to SMR Jan-2024 Release 1 allows a local attacker to read notification data belonging to other apps. Rated medium severity (CVSS 6.2): no authentication required, low attack complexity. The listing records no vendor patch, although the affected-version statement implies the fix shipped in SMR Jan-2024 Release 1.
Improper access control vulnerability in Samsung DeX prior to SMR Jan-2024 Release 1 allows the device owner to read other users' notifications in a multi-user environment. Rated medium severity (CVSS 4.6): no authentication required, low attack complexity. The listing records no vendor patch, although the affected-version statement implies the fix shipped in SMR Jan-2024 Release 1.
A use-after-free flaw was found in PackageKitd, the PackageKit daemon. Rated low severity (CVSS 3.3), low attack complexity. Reuse of freed memory can crash the daemon; arbitrary code execution is the theoretical worst case for this bug class but is not reflected in the low score.
A crash in the HTTP3 dissector of Wireshark 4.2.0 allows denial of service via packet injection or a crafted capture file. Rated high severity (CVSS 7.8): no authentication required, low attack complexity. Public exploit code is available and the listing records no vendor patch; only 4.2.0 is named as affected.
Rust EVM is an Ethereum Virtual Machine interpreter. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
OTCLient is an alternative tibia client for otserv. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. Rated medium severity (CVSS 5.3): remotely exploitable, no authentication required, low attack complexity. Public exploit code is available and no vendor patch is available.
A vulnerability classified as problematic was found in RRJ Nueva Ecija Engineer Online Portal 1.0. Rated low severity (CVSS 3.1): remotely exploitable. Public exploit code is available and no vendor patch is available.
A vulnerability classified as problematic was found in HuiRan Host Reseller System up to 2.0.0. Rated low severity (CVSS 3.7): remotely exploitable, no authentication required. No vendor patch is available.
Critical information disclosure in TinaCMS CLI versions 1.0.0 through 1.0.8: the CLI writes environment variables, including credentials, in plaintext into the generated index.js file. Anyone who can read that file obtains the API keys, database credentials or other secrets it contains, with no authentication. No active exploitation has been observed (EPSS 0.37%, not in KEV). Fixed in version 1.0.9; because upgrading does not revoke anything already written out, any secret present in the environment of an affected build should be rotated.
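A check a practitioner would want after an advisory like this one is whether a build step copied environment values into an emitted artifact at all, independent of the specific tool. The following Python is an added example, not TinaCMS code: it compares the environment the build ran with against the text of the generated file and reports every variable whose value appears verbatim, then separates the ones whose name or value marks them as secrets. The sample environment and the sample index.js text are constructed for the demonstration.

```python
"""Added example (not TinaCMS code): find environment-variable values that a
build step has copied verbatim into a generated artifact such as index.js.

The sample environment and artifact text below are constructed for the demo.
"""
import re

# Values shorter than this are ignored: "1", "true", "prod" would only add noise.
MIN_VALUE_LEN = 8

# Variables that are normally meant to reach a client bundle.
ALLOWLIST = {"NODE_ENV", "PUBLIC_URL"}

# Names that almost always denote a secret.
SECRET_NAME_RE = re.compile(r"(KEY|SECRET|TOKEN|PASSWORD|PASSWD|CREDENTIAL)", re.I)
# Values carrying user:password@ inside a URL (connection strings, DSNs).
SECRET_VALUE_RE = re.compile(r"://[^/\s:@]+:[^/\s@]+@")


def find_leaked_env_values(artifact_text, env):
    """Return {name: value} for each env var whose value appears literally in artifact_text."""
    leaked = {}
    for name, value in env.items():
        if name in ALLOWLIST or len(value) < MIN_VALUE_LEN:
            continue
        if value in artifact_text:
            leaked[name] = value
    return leaked


def classify(leaked):
    """Split leaked variables into (secrets, others) by name pattern or value shape."""
    secrets = {n: v for n, v in leaked.items()
               if SECRET_NAME_RE.search(n) or SECRET_VALUE_RE.search(v)}
    others = {n: v for n, v in leaked.items() if n not in secrets}
    return secrets, others


# Constructed build environment (no real credentials).
CONSTRUCTED_ENV = {
    "NODE_ENV": "production",
    "TINA_TOKEN": "tok_0123456789abcdef",
    "DATABASE_URL": "postgres://app:s3cr3tpass@db.internal:5432/app",
    "FEATURE_FLAG": "on",
    "BUILD_ID": "20240101-1",
}

# Constructed sample of a generated index.js that inlined the environment.
CONSTRUCTED_ARTIFACT = """// generated file (constructed sample)
const config = {
  env: "production",
  token: "tok_0123456789abcdef",
  db: "postgres://app:s3cr3tpass@db.internal:5432/app",
  build: "20240101-1",
};
module.exports = config;
"""


def scan(artifact_text=CONSTRUCTED_ARTIFACT, env=CONSTRUCTED_ENV):
    """Run the check and return (secrets, others) found in the artifact."""
    return classify(find_leaked_env_values(artifact_text, env))


if __name__ == "__main__":
    secrets, others = scan()
    for name in secrets:
        print("SECRET LEAKED:", name)
    for name in others:
        print("env value embedded (review):", name)
```

In a real pipeline, run `scan(open(path).read(), dict(os.environ))` in the same job that produced the artifact, and fail the build when `secrets` is non-empty; the `others` bucket is worth a manual look because build identifiers and internal hostnames are often not meant for clients either.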
A heap corruption vulnerability exists in GStreamer media framework versions before 1.18.4 when parsing malformed Matroska (MKV) files. An attacker can craft a Matroska file that, when processed by a vulnerable GStreamer installation, corrupts heap memory, with code execution in the context of the application using GStreamer as the worst case. It is not known to be actively exploited (not in KEV); a public proof-of-concept exists, and the EPSS score of 0.24% indicates low exploitation likelihood.
Local privilege escalation in Windows Win32k kernel-mode driver allows authenticated local users to gain SYSTEM privileges via use-after-free exploitation. Affects all Windows versions from 7 through 10 1703 and Server 2008-2016. Confirmed actively exploited (CISA KEV) with publicly available exploit code. EPSS score of 17.77% (95th percentile) indicates significant real-world exploitation probability despite local attack vector requirement. Microsoft released patches in May 2017 security bulletin.
Local privilege escalation in the Windows COM Aggregate Marshaler affects all Windows versions from Server 2008 SP2 through Windows 10 1703, allowing a low-privileged authenticated user to gain SYSTEM privileges through a specially crafted application. It is confirmed actively exploited (CISA KEV), public exploit code exists (Exploit-DB 42020), and the EPSS score of 92.69% indicates a very high probability of ongoing exploitation activity. Microsoft released patches in May 2017; the broad platform impact and widespread exploitation make this a top remediation priority for any unpatched Windows system from this era.
Windows GDI (Graphics Device Interface) allows local privilege escalation through improper memory handling, attributed to the Zirconium APT group and exploited alongside browser zero-days in targeted campaigns.
The GStreamer multimedia framework contains an uninitialized memory vulnerability in its VMNC (VMware VNC) decoder that allows an attacker who can get a crafted VMNC video file processed to read sensitive information from process memory. A single-frame movie that never draws to the canvas, for example, causes the decoder to output uninitialized buffer contents, which may include passwords, cryptographic keys or other data from the application's memory. A proof-of-concept exploit has been publicly disclosed; the EPSS score of 1.28% indicates modest real-world exploitation likelihood.
The Win32k kernel-mode driver in Windows Vista through Windows Server 2016 allows local privilege escalation, exploited alongside CVE-2016-7256 in targeted attacks attributed to the Strontium (APT28/Fancy Bear) group.
The Win32k kernel-mode driver in Windows Vista through Windows 10 allows local privilege escalation through an unspecified vulnerability in window object handling, exploited in the wild by APT groups.
Win32k.sys in Windows Server 2003, Vista, and Server 2008 allows local privilege escalation through a kernel-mode vulnerability, exploited in the wild alongside browser zero-days in April 2015 as part of APT attack chains.
The Windows Kerberos KDC fails to properly validate PAC signatures: it accepts a PAC whose signature uses a checksum type that is not keyed (such as plain MD5), so any authenticated domain user can forge a PAC claiming privileged group membership and obtain a ticket the domain honours as a domain administrator. Known as MS14-068, one of the most critical Active Directory vulnerabilities ever disclosed. A patched KDC rejects unkeyed checksum types, but because the forged ticket is issued by the KDC itself, patching does not invalidate access an attacker has already gained.
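The failure mode is easier to see in code than in prose. The following Python is an added example, not Microsoft's KDC code: a toy PAC signature verifier in its vulnerable and fixed forms. The checksum-type numbers follow RFC 3961/4120; the key derivation of the real keyed checksums is simplified to a plain HMAC, and the "krbtgt key", the PAC body and the forged group list are constructed for the demonstration.

```python
"""Added example (not Microsoft's KDC code): toy PAC signature verification
showing the MS14-068 failure mode. Checksum-type numbers follow RFC 3961/4120;
keys, PAC bytes and key derivation are simplified/constructed for the demo."""
import hashlib
import hmac
import zlib

# Kerberos checksum types (RFC 3961 / RFC 4120).
CRC32 = 1                 # unkeyed
RSA_MD5 = 7               # unkeyed
HMAC_MD5 = -138           # keyed, used with RC4-HMAC
HMAC_SHA1_96_AES256 = 16  # keyed, used with AES256-CTS-HMAC-SHA1-96

KEYED_TYPES = {HMAC_MD5, HMAC_SHA1_96_AES256}


def compute_checksum(ctype, key, data):
    """Return the checksum bytes of `data` for checksum type `ctype`.

    The unkeyed types ignore `key` entirely, which is the whole problem.
    Keyed types are simplified: real Kerberos derives a usage-specific key first.
    """
    if ctype == CRC32:
        return zlib.crc32(data).to_bytes(4, "little")
    if ctype == RSA_MD5:
        return hashlib.md5(data).digest()
    if ctype == HMAC_MD5:
        return hmac.new(key, data, hashlib.md5).digest()
    if ctype == HMAC_SHA1_96_AES256:
        return hmac.new(key, data, hashlib.sha1).digest()[:12]
    raise ValueError(f"unsupported checksum type {ctype}")


def verify_pac_vulnerable(pac_body, ctype, sig, key):
    """Pre-MS14-068 behaviour: recompute whatever checksum type the PAC claims.
    If the claimed type is unkeyed, anyone can have produced a matching value."""
    return hmac.compare_digest(compute_checksum(ctype, key, pac_body), sig)


def verify_pac_fixed(pac_body, ctype, sig, key):
    """Fixed behaviour: refuse any checksum type that does not involve the key."""
    if ctype not in KEYED_TYPES:
        return False
    return hmac.compare_digest(compute_checksum(ctype, key, pac_body), sig)


# Constructed scenario. The attacker never learns KRBTGT_KEY.
KRBTGT_KEY = b"constructed-krbtgt-key-not-real"
# Constructed PAC body claiming RIDs 512/519/518 (Domain/Enterprise/Schema Admins).
FORGED_PAC = b"user=lowpriv;groups=512,519,518"


def forge_signature(pac_body=FORGED_PAC):
    """Attacker 'signs' the PAC with an unkeyed checksum: no secret required."""
    return RSA_MD5, compute_checksum(RSA_MD5, b"", pac_body)


def legit_signature(pac_body, key):
    """How a real KDC signs: a keyed checksum under the krbtgt key."""
    return HMAC_SHA1_96_AES256, compute_checksum(HMAC_SHA1_96_AES256, key, pac_body)


def demo():
    """Return (accepted_by_vulnerable_kdc, accepted_by_fixed_kdc) for the forged PAC."""
    ctype, sig = forge_signature()
    return (verify_pac_vulnerable(FORGED_PAC, ctype, sig, KRBTGT_KEY),
            verify_pac_fixed(FORGED_PAC, ctype, sig, KRBTGT_KEY))


if __name__ == "__main__":
    vulnerable, fixed = demo()
    print("vulnerable KDC accepts forged PAC:", vulnerable)
    print("fixed KDC accepts forged PAC:     ", fixed)
```

The design point generalises beyond Kerberos: a verifier that lets the message choose the integrity algorithm must restrict the choice to algorithms that actually depend on the verifier's secret, otherwise "verification" degenerates to recomputing a public hash.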
Local privilege escalation in Windows afd.sys (Ancillary Function Driver) allows a local user to gain SYSTEM privileges on Windows XP SP2/SP3 and Server 2003 SP2 by running a crafted application. CISA KEV confirms active exploitation in the wild, and the EPSS score of 67.09% (99th percentile) indicates very high real-world exploitation likelihood. Multiple public exploits exist (Exploit-DB 21844, 18176), making this trivially exploitable despite its age. Microsoft released patches via MS11-080 in October 2011, but unpatched legacy systems remain vulnerable.
Local privilege escalation in a Microsoft Windows kernel-mode driver allows unprivileged users to gain SYSTEM access via malicious keyboard layout files. Affected platforms include Windows XP SP3, Windows Server 2003 SP2, Windows 7 and Windows Server 2008/R2 across all architectures. This vulnerability is notorious as one of the four zero-days leveraged by the Stuxnet worm in July 2010 for industrial sabotage. Public exploit code exists (Exploit-DB 15985) and the EPSS score is 8.88% (92nd percentile). It is not currently listed in CISA KEV; known in-the-wild use is tied primarily to the Stuxnet campaign, though absence from KEV is not evidence that no other exploitation occurred. Microsoft released patches in MS10-073 (October 2010).
Local privilege escalation in Windows Task Scheduler allows an authenticated user to execute code with SYSTEM privileges through a crafted scheduled task: the service relied on a CRC32 integrity check of the task's XML definition, so a user could edit their own task to run as SYSTEM while keeping the check valid. Affects Windows Vista SP1/SP2, Windows Server 2008 (all service packs and editions), Windows Server 2008 R2 and Windows 7. Public exploit code exists (Exploit-DB 15589, 19930) and the EPSS score is 63% (98th percentile), indicating high real-world exploitation probability despite requiring local access. Microsoft addressed this in MS10-092 (December 2010); the CVE record notes possible overlap with CVE-2010-3888.
The Windows kernel from NT 3.1 through Windows 7 improperly validates BIOS calls on 32-bit x86 platforms with 16-bit application support enabled, allowing local users to gain SYSTEM privileges and bypass UAC.
CVE-2007-5633 is a local vulnerability (CVSS 7.2) exploitable by local users. Risk factors: public PoC available.
Local privilege escalation in Microsoft Internet Information Services 5.0 allows a local user to execute arbitrary code with SYSTEM privileges by planting a malicious DLL in a directory on the search path that IIS consults when loading in-process components, so that the DLL is picked up before (or instead of) the legitimate one. Public exploit code exists. The EPSS score of 2.16% (84th percentile) indicates lower exploitation probability, consistent with a local attack vector that requires pre-existing access. Addressed by Microsoft bulletin MS01-044 in 2001.